A study by US-based cyber security firm FireEye has revealed that mobile apps of seven banks in India were infected with malware that can steal sensitive financial information. FireEye has been quoted as saying banking network frauds have spread around the world and it has tracked such incidents that affected banks in Ukraine, Ecuador and India, with losses totaling more than $100 million. Press reports quoting India head of FairEye Vishal Raman said in India the study has seen financially-motivated cyber-criminal groups launching sophisticated attacks to steal funds from many potential sources: organizations, consumers, ATMs and banks. As India’s digital payment systems handle more transactions, they will become more lucrative targets, he added. The mobile apps of 7 large banks in India were found to be infected with malware that has the capability to steal user credentials and the company has informed the banks about the same, Raman added. The two major malware found on Indian banking apps by FireEye are Webinjects and Bugat. Webinjects are a functionality integrated into many types of credential theft malware that allow hackers to dynamically alter what is displayed to victims on an infected device (mobile phone). Bugat is a credential theft malware used by a limited number of cyber-crime groups.
